phishing and nslookup versus dig

We would like to inform you that we have released a new version of USAA Confirmation Form. This form is required to be completed by all USAA customers. Please use the button below in order to access the form:

Access USAA Confrmation Form

hank you,

USAA

And yes, it had the typical phishing spelling errors. But what was interesting to me was the link from the “Access USAA…” text, which went to http://www.usaa.com.1l1ji.com/<more stuff>. Just for grins, I did an nslookup on 1ji.com, and got back:

dreger.de is in Berlin, but there wasn’t much more information. Wish I understood better when there are differences betweeen nslookup and dig. I googled a bit on “10800 iIN SOA” but didn’t get any good hits.

Regardless, when I tried to visit the site to see what happened, Firefox conveniently blocked it: